Sun Linux VIM Package May Give Unprivileged Users the Ability to Execute Arbitrary Commands

Category
Security

Release Phase
Resolved

Product
Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server

Bug Id
4805905

Date of Resolved Release
22-JUL-2003

Impact

The Vi Improved (VIM) package may give unprivileged users the ability to execute arbitrary commands. VIM allows a user to set the modeline differently for each edited text file and allows the addition of "special comments" in those files. These comments can be modified to call external programs.

This vulnerability of the modeline function could allow an unprivileged user who has system access the ability to create a text file such that when it is opened, arbitrary or malicious commands are executed.

This issue is described at:

Red Hat Advisory RHSA-2002:297-19: https://rhn.redhat.com/errata/RHSA-2002-297.html
CVE: CAN-2002-1377 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377

Note: VIM (Vi IMproved) is a version of the vi editor.

Contributing Factors

This issue can occur in the following releases:

Sun Linux

Sun Linux with VIM 6.1-17.7x.2 or earlier

Cobalt Platform

Qube 3 with VIM 6.1-17.7x.2 or earlier
RaQ4 with VIM 6.1-17.7x.2 or earlier
RaQXTR with VIM 6.1-17.7x.2 or earlier
RaQ550 with VIM 6.1-17.7x.2 or earlier

The VIM package version can be determined by running the following command, as in the example below:

    # rpm -q vim-common
vim-common-6.0-7.13

Symptoms

There are no predictable symptoms that would indicate the above described issue has been exploited.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

Sun Linux 5.0

vim-X11-6.1-18.7x.2.i386.rpm or later
vim-common-6.1-18.7x.2.i386.rpm or later
vim-enhanced-6.1-18.7x.2.i386.rpm or later
vim-minimal-6.1-18.7x.2.i386.rpm or later

The above packages can all be found at: ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPMS

Cobalt Platform

SRPM

vim-6.1-18.7x.2.src.rpm or later, at: ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/SRPMS

Qube3

Qube3-All-Security-4.0.1-16358.pkg or later, at: http://ftp.cobalt.sun.com/pub/packages/qube3/ml

RaQ4

RaQ4-All-Security-2.0.1-16358.pkg or later, at: http://ftp.cobalt.sun.com/pub/packages/raq4/eng

RaQXTR

RaQXTR-All-Security-1.0.1-16358.pkg or later, at: http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng

RaQ550

RaQ550-All-Security-0.0.1-16358.pkg or later, at: http://ftp.cobalt.sun.com/pub/packages/raq550/all

Modification History
Date: 04-AUG-2003

modified Contributing Factors

Attachments

This solution has no attachment